wg-quick: check permissions of parent directory
Also prefix octal 0, in case these files are actually of modes that don't start with 0 by accident (such as SUID or sticky bit). Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
parent
cbd2b0531f
commit
83caaa7a96
|
@ -30,7 +30,7 @@ parse_options() {
|
||||||
[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
|
[[ $CONFIG_FILE =~ ^[a-zA-Z0-9_=+.-]{1,16}$ ]] && CONFIG_FILE="/etc/wireguard/$CONFIG_FILE.conf"
|
||||||
[[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist"
|
[[ -e $CONFIG_FILE ]] || die "\`$CONFIG_FILE' does not exist"
|
||||||
[[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf"
|
[[ $CONFIG_FILE =~ /?([a-zA-Z0-9_=+.-]{1,16})\.conf$ ]] || die "The config file must be a valid interface name, followed by .conf"
|
||||||
((($(stat -c '%#a' "$CONFIG_FILE") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2
|
((($(stat -c '0%#a' "$CONFIG_FILE") & $(stat -c '0%#a' "/etc/wireguard") & 0007) == 0)) || echo "Warning: \`$CONFIG_FILE' is world accessible" >&2
|
||||||
INTERFACE="${BASH_REMATCH[1]}"
|
INTERFACE="${BASH_REMATCH[1]}"
|
||||||
shopt -s nocasematch
|
shopt -s nocasematch
|
||||||
while read -r line || [[ -n $line ]]; do
|
while read -r line || [[ -n $line ]]; do
|
||||||
|
|
Loading…
Reference in a new issue